<?php
// PHP 4.1

// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';

foreach ($_POST as $key => $value) {
  $value = urlencode(stripslashes($value));
  $req .= "&$key=$value";
}

// post back to PayPal system to validate
$header .= "POST /cgi-bin/webscr HTTP/1.0\r\n";
$header .= "Content-Type: application/x-www-form-urlencoded\r\n";
$header .= "Content-Length: " . strlen($req) . "\r\n\r\n";
$fp = fsockopen ('ssl://www.paypal.com', 443, $errno, $errstr, 30);

// assign posted variables to local variables
$item_name = $_POST['item_name'];
$item_number = $_POST['item_number'];
$payment_status = $_POST['payment_status'];
$payment_amount = $_POST['mc_gross'];
$payment_currency = $_POST['mc_currency'];
$txn_id = $_POST['txn_id'];
$receiver_email = $_POST['receiver_email'];
$payer_email = $_POST['payer_email'];

if (!$fp) {
  // HTTP ERROR
} else {
  fputs ($fp, $header . $req);
  while (!feof($fp)) {
    $res = fgets ($fp, 1024);
    if (strcmp ($res, "VERIFIED") == 0) {
      // check the payment_status is Completed
      // check that txn_id has not been previously processed
      // check that receiver_email is your Primary PayPal email
      // check that payment_amount/payment_currency are correct
      // process payment
      if (strcmp ($payment_status, "Completed") != 0) { 
        return;
      }
      require_once dirname(__FILE__) . '/dbutils.class.php';
      require_once dirname(__FILE__) . '/miscutils.class.php';
      require_once dirname(__FILE__) . '/ecomutils.class.php';
      $myPdo = DbUtils::createPdoInst();
      $cond_vals = new stdClass();
      $cond_vals->c = 't.order_number = :v1';
      $cond_vals->v = array(':v1' => $item_name);
      $tmp = DbUtils::get(DbUtils::createPdoInst(), TABLE_NAME_PREFIX_PLUGIN . 'ecom_order', $cond_vals, NULL, NULL, NULL, NULL, NULL)->d;
      if (count($tmp) > 0 && $tmp[0]->is_paid == 0) {
        $tmp[0]->is_paid = 1;
        DbUtils::update($myPdo,  TABLE_NAME_PREFIX_PLUGIN . 'ecom_order', $tmp[0]);
        if ($tmp[0]->customer_id != 0) {
          EComUtils::update_customer($myPdo, $tmp[0]->customer_id);
        }
      }
    }
    else if (strcmp ($res, "INVALID") == 0) {
      // log for manual investigation
    }
  }
  fclose ($fp);
}
?>